Did Air Canada get hacked a couple of weeks ago?
Mar 25, 2018, 9:50 pm
#3
FlyerTalk Evangelist
Join Date: Jun 2003
Location: YYC
Posts: 23,789
Mar 26, 2018, 10:03 am
#5
Join Date: Aug 2010
Location: Why? Why? Zed! / Why? You? Elle! / Gee! Are You!
Programs: Irrelevant
Posts: 3,543
That's quite a stretch to make, especially in the absence of anything published anywhere.
Mar 26, 2018, 10:43 am
#6
Join Date: May 2015
Location: Vancouver
Programs: Aeroplan, Mileage Plus, WestJet Gold, AMEX Plat
Posts: 2,026
I also think it is safe to assume that most of these hackers are motivated by money and therefore to steal data over an extended period of time not necessarily bring down the system.
The ones that are paid by foreign governments and not motivated by money probably have politically bigger targets to go after than Air Canada.
Mar 26, 2018, 10:53 am
#7
Join Date: Aug 2010
Location: Why? Why? Zed! / Why? You? Elle! / Gee! Are You!
Programs: Irrelevant
Posts: 3,543
I think it safe to assume Air Canada is a very big target. Lots of personal information (peoples address, passport numbers etc.) and lots of credit card transactions.
I also think it is safe to assume that most of these hackers are motivated by money and therefore to steal data over an extended period of time not necessarily bring down the system.
The ones that are paid by foreign governments and not motivated by money probably have politically bigger targets to go after than Air Canada.
I also think it is safe to assume that most of these hackers are motivated by money and therefore to steal data over an extended period of time not necessarily bring down the system.
The ones that are paid by foreign governments and not motivated by money probably have politically bigger targets to go after than Air Canada.
Mar 26, 2018, 11:03 am
#8
Join Date: Aug 2013
Location: YVR - MILLS Waypoint (It's the third house on the left)
Programs: AC*SE100K, wood level status in various other programs
Posts: 6,211
Never ascribe to malice that which is the result of incompetence.
Last edited by Bohemian1; Mar 26, 2018 at 11:42 am
Mar 26, 2018, 11:57 am
#10
A FlyerTalk Posting Legend
Join Date: Sep 2012
Location: SFO
Programs: AC SE MM, BA Gold, SQ Silver, Bonvoy Tit LTG, Hyatt Glob, HH Diamond
Posts: 44,296
I'm not going to start a thread with that as the title unless (until?) I have even a shred of evidence that I'm willing to share.
Last edited by tcook052; Mar 29, 2018 at 2:53 pm Reason: off topic political
Mar 26, 2018, 12:03 pm
#11
Join Date: May 2015
Location: Vancouver
Programs: Aeroplan, Mileage Plus, WestJet Gold, AMEX Plat
Posts: 2,026
Mar 26, 2018, 2:52 pm
#12
FlyerTalk Evangelist
Join Date: Jun 2003
Location: YYC
Posts: 23,789
Mar 26, 2018, 8:08 pm
#14
Join Date: Jan 2016
Posts: 41
Also, recovering from a successful hack/ransomware/whatever attack in a matter of hours is incompatible with AC's IT department reputation. It would even be a tough one for an organisation with mature cybersecurity processes and teams in place...
Mar 26, 2018, 10:25 pm
#15
Join Date: May 2012
Location: BKK/SIN/YYZ/YUL
Programs: DL, AC, Bonvoy, Accor, Hilton
Posts: 2,915
Let's consider what we do know;
Under multiple privacy and public company regulatory laws, Air Canada is obliged to declare if and when it has been hacked and the confidential information of customers or suppliers has been accessed and potentially stolen. Some jurisdictions require the target of such attacks to provide advisory and credit monitoring services to victims. Air Canada does store passport and visa information in addition to credit card data.
I am confident that if an event involving unauthorized access to confidential client data occurred we would know about it. While Canada is not known for protecting the rights of consumers, the EU and the USA do care.
We also know that on any given day foreign state sponsored and sanctioned hackers target Canadian companies. It wasn't too long ago that the Chinese government's agents mounted a full assault on Revenue Canada and have regularly gone after multiple companies. It's been going on for years;
https://www.theglobeandmail.com/news...ticle34485219/
We also know that Russian hackers have targeted Canadian infrastructure entities previously with Hydro Quebec repeatedly targeted because of its power supply to the eastern USA. As Air Canada is a central part of Canada's strategic airlift reserve, it is not unusual for the Russians to target the company. They have done it in the past. Hostile agent attacks will not necessarily be declared if client info has not been accessed or if there is a national security reason not to declare the attack. However, since we know that IT personnel talk about confidential info, it is a fairly good bet that such a hack would eventually be revealed. Someone somewhere will talk. One just has to sit and wait it out.
Under multiple privacy and public company regulatory laws, Air Canada is obliged to declare if and when it has been hacked and the confidential information of customers or suppliers has been accessed and potentially stolen. Some jurisdictions require the target of such attacks to provide advisory and credit monitoring services to victims. Air Canada does store passport and visa information in addition to credit card data.
I am confident that if an event involving unauthorized access to confidential client data occurred we would know about it. While Canada is not known for protecting the rights of consumers, the EU and the USA do care.
We also know that on any given day foreign state sponsored and sanctioned hackers target Canadian companies. It wasn't too long ago that the Chinese government's agents mounted a full assault on Revenue Canada and have regularly gone after multiple companies. It's been going on for years;
https://www.theglobeandmail.com/news...ticle34485219/
We also know that Russian hackers have targeted Canadian infrastructure entities previously with Hydro Quebec repeatedly targeted because of its power supply to the eastern USA. As Air Canada is a central part of Canada's strategic airlift reserve, it is not unusual for the Russians to target the company. They have done it in the past. Hostile agent attacks will not necessarily be declared if client info has not been accessed or if there is a national security reason not to declare the attack. However, since we know that IT personnel talk about confidential info, it is a fairly good bet that such a hack would eventually be revealed. Someone somewhere will talk. One just has to sit and wait it out.
